CVE-2020-24557
HIGH KEVTrend Micro Apex One/Worry-Free Business Security 10.0 SP1 - Privil...
Title source: llmExploitation Summary
CVE-2020-24557 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021.
Description
A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000263632
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-20-1094/
Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000267260
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-24557
Scores
CVSS v3
7.8
EPSS
0.0188
EPSS Percentile
83.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2021-11-03
VulnCheck KEV
2021-04-21
InTheWild.io
2021-07-23
ENISA EUVD
EUVD-2020-17276
Status
published
Products (3)
trendmicro/apex_one
trendmicro/apex_one
2019
trendmicro/worry-free_business_security
10.0 sp1
Published
Sep 01, 2020
KEV Added
Nov 03, 2021
Tracked Since
Feb 18, 2026